Skip to main content

Mozilla Firefox WOFF Font Processing Integer Overflow Vulnerability

Last Update Date: 28 Jan 2011 Release Date: 24 Mar 2010 5415 Views

RISK: Medium Risk

A vulnerability has been identified in Mozilla Firefox, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused by a integer overflow error in a font decompression routine within the WOFF decoder, which could be exploited by attackers to crash an affected browser or execute arbitrary code by tricking a user into visiting a specially crafted web page.


Impact

  • Remote Code Execution

System / Technologies affected

  • Mozilla Firefox version 3.6

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Upgrade to Mozilla Firefox version 3.6.2 :
http://www.mozilla.com/firefox/


Vulnerability Identifier

  • No CVE information is available

Source